diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 5f76ac0..2c10149 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -78,6 +78,8 @@ async function setBody(context: RequestContext) {
 }
 async function setHeaders(context: RequestContext) {
+ const nonce = crypto.randomUUID().replace(/-/g, "");
+ context.data.nonce = nonce;
 const response = await context.next();
 const rtvValues = [
@@ -110,11 +112,13 @@ async function setHeaders(context: RequestContext) {
 ],
 "media-src": ["https://mediaproxy.carcrushers.cc"],
 "script-src": ["https://challenges.cloudflare.com", "'self'"],
+ "style-src": [`nonce-${nonce}`, "'self'"],
 };
 const directives = [];
- for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+ for (const [k, v] of Object.entries(policies))
+ directives.push(`${k} ${v.join(" ")}`);
 response.headers.set("Content-Security-Policy", directives.join("; "));
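Review bot: The nonce built at the top of setHeaders carries only 122 random bits, because `crypto.randomUUID()` fixes the version and variant bits, while the CSP specification recommends at least 128 bits from a cryptographically secure generator. The source is a CSPRNG, so this is a small gap, but `const nonce = btoa(String.fromCharCode(...crypto.getRandomValues(new Uint8Array(16))));` meets the recommendation directly. A comment such as `// Per-request CSP nonce; assigned before context.next(), presumably so downstream handlers can read context.data.nonce` would record why the assignment has to precede the `await`. The body of setHeaders continues outside this hunk.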
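Review bot: The `style-src` entry emits the nonce without the single quotes CSP requires around a nonce source, so the header carries `nonce-<value>` as a bare token and the browser will not treat it as a nonce. Styles tagged with the nonce would then be blocked, or the policy loosened later to compensate. Quote it the same way `'self'` is quoted on that line: ``"style-src": [`'nonce-${nonce}'`, "'self'"],``. Whether the rendered HTML stamps `context.data.nonce` on its style elements, and whether these responses can be served from a cache (which would replay one nonce to many clients), is not visible here, since setHeaders starts and ends outside the hunk.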